The following is an example of an access control matrix, so we can rule it out:
The following is an example of an access control list:
Access control lists are per-file.
The clearances are basically roles. So what remains is the capability list, which lists the capabilities of each subject rather than being per-file:
The following is DAC, which lets specific entities access other specific entities through an access control matrix.
ABAC is based on attributes of the subjects, RBAC on the roles of the subjects, and then there is MAC.
MAC stands for Mandatory Access Control, and this is its definition:
MAC differs from RBAC because MAC is hierarchical, while RBAC is more specific.
Think of MAC like a simplified version of the US Government classification system -- you have Confidential, Secret, Top Secret for example. If one only has a Confidential clearance, they may not access Secret or Top Secret, but when one has a Top Secret clearance they may receive access to documents on all levels. One key element of MAC though is that it's handled centrally and enforced by the computer system -- so users, sysadmins, etc. cannot escalate privileges on their own without approval by the central authority of the organization.
In contrast, role-based access control would be more granular. For example, under role-based access control, someone working for the US Government in Human Relations would have access to memos, dossiers and other information on employees as their position requires. However, they wouldn't have access to other information at the same classification level that is outside their scope of work -- like financials for equipment purchases. So, role-based access control limits the scope of information.
These are the properties and their names:
In other words:
These are the countermeasures:
I think DOM is object-oriented SQL programming on the server side, so that the programmer or code is not exposed to raw SQL, thus preventing mistakes and providing strong type checking and sanitization for input.
This is the algorithm:
The first two answers are a description of RSA. The other two are correct. Diffie-Hellman involves computing discrete logarithms, not factoring products of large primes.
RSA is based on the notion that a product of two large prime numbers cannot easily be factored to recover the two primes.
That is, going from the result (the product of the primes) back to the inputs (the primes) is a nearly impossible task.
The server chooses two prime numbers, p and q. Let N be p * q.
Then the server computes
What we want is to let the client encrypt the data using this formula:
Then the server can decrypt using this formula:
The security comes from the fact that we only share N and e, and it's difficult to compute d without knowing p and q.
Encryption for Confidentiality:
Digital Signature for Authentication:
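As an added worked example (not from these notes), here is textbook RSA on toy primes in Python 3.8+, covering the server's key generation, the client's encryption, the server's decryption, and signing/verification; the last function shows why N must be huge in practice. Real deployments use ~2048-bit primes and padding (OAEP/PSS), which this example omits.

```python
from math import gcd


def generate_keys(p: int, q: int, e: int = 65537):
    # Server side: N = p*q, phi = (p-1)(q-1), d = e^-1 mod phi.
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)          # public key, private key


def encrypt(public_key, m: int) -> int:
    # Client side: c = m^e mod N, using only the published (N, e).
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    # Server side: m = c^d mod N; d is known only to the holder of p and q.
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, m: int) -> int:
    # Signature for authentication: s = m^d mod N (private exponent).
    n, d = private_key
    return pow(m, d, n)


def verify(public_key, m: int, s: int) -> bool:
    # Anyone holding (N, e) checks that s^e mod N == m.
    n, e = public_key
    return pow(s, e, n) == m


def recover_private_exponent(public_key) -> int:
    # Trial-division factoring of N: instant for this toy N, infeasible for
    # 2048-bit moduli. That gap is the entire security argument of RSA.
    n, e = public_key
    p = next(k for k in range(2, n) if n % k == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = generate_keys(61, 53, 17)      # constructed toy primes
    print(pub, priv, encrypt(pub, 65), decrypt(priv, encrypt(pub, 65)))
```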
HMAC stands for Hash-based Message Authentication Code.
We use a secret key and a cryptographic hash function to create a message authentication code.
HMAC can be used to verify both the data integrity and the authenticity of a message.
Basically we combine the key with the message and hash it.
The point is that if both parties know the secret key, then each can know that the message has not been modified and that it comes from the right client.
HMAC has been chosen as the mandatory-to-implement MAC for IP security.
Blind SQL injection:
Tautology:
UNION operator:
We use UNION to get access to tables other than the legitimate one.
The attacker uses the UNION operator to combine the results of the original query with another SELECT query from another table.
Second-order injection:
We legitimately insert crafted data into the DB that enables an injection later, through another legitimate query. For example, a crafted name when registering an account.
Cross-site request forgery: since when we make a request to a website the credentials or token get sent automatically, another malicious website could make us send a request to the first website using our authentication.
Reflected cross-site scripting